From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Xin Long , Marcelo Ricardo Leitner , Jakub Kicinski , Sasha Levin Subject: [PATCH 5.10 65/77] sctp: use init_tag from inithdr for ABORT chunk Date: Mon, 1 Nov 2021 10:17:53 +0100 Message-Id: <20211101082525.252345963@linuxfoundation.org> X-Mailer: git-send-email 2.33.1 In-Reply-To: <20211101082511.254155853@linuxfoundation.org> References: <20211101082511.254155853@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Xin Long [ Upstream commit 4f7019c7eb33967eb87766e0e4602b5576873680 ] Currently Linux SCTP uses the verification tag of the existing SCTP asoc when failing to process and sending the packet with the ABORT chunk. This will result in the peer accepting the ABORT chunk and removing the SCTP asoc. One could exploit this to terminate a SCTP asoc. This patch is to fix it by always using the initiate tag of the received INIT chunk for the ABORT chunk to be sent. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Xin Long Acked-by: Marcelo Ricardo Leitner Signed-off-by: Jakub Kicinski Signed-off-by: Sasha Levin --- net/sctp/sm_statefuns.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c index b65bdaa84228..89a86728184d 100644 --- a/net/sctp/sm_statefuns.c +++ b/net/sctp/sm_statefuns.c @@ -6248,6 +6248,7 @@ static struct sctp_packet *sctp_ootb_pkt_new( * yet. */ switch (chunk->chunk_hdr->type) { + case SCTP_CID_INIT: case SCTP_CID_INIT_ACK: { struct sctp_initack_chunk *initack; -- 2.33.0
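Review bot: The new `case SCTP_CID_INIT:` label in sctp_ootb_pkt_new() falls through into a block whose local is declared as `struct sctp_initack_chunk *initack`, so an INIT chunk is now read through the INIT_ACK type with nothing in the code saying this is intended. A one-line comment at the label stating that INIT and INIT_ACK carry the same init header, and that the initiate tag is taken from it for the outgoing ABORT, would make the fall-through self-explanatory. The comment ending in "yet. */" just above the switch should also be checked so that it describes both chunk types. Since this path handles packets that failed normal processing, it is also worth confirming that the chunk length is validated before the init header is dereferenced, which the visible context does not show.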